Security: Prevent writing outside the target directory during restore A vulnerability was found in the restic restorer, which allowed attackers in special circumstances to restore files to a location outside of the target directory. Due to the circumstances we estimate this to be a low-risk vulnerability, but urge all users to upgrade to the latest version of restic. Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and a Windows systems which restores files from the repo. In addition, the attackers need to be able to create files with arbitrary names which are then saved to the restic repo. For example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux) and restoring a snapshot containing this file on Windows, it would be written to the parent of the target directory. We'd like to thank Tyler Spivey for reporting this responsibly! https://github.com/restic/restic/pull/1445